“If a cyber attack has not already happened in your business, odds are it will – possibly soon.” – Steve Culp, Global Managing Director for Accenture Finance and Risk Services.
There is no better time for a hacker to follow the movements of business employees than on a bank holiday weekend. Hackers know your business has potentially less resources to handle an attack, when lots of people are taking time off or working at home. And while most workers are on holiday, website traffic or network issues can take longer than normal to resolve without the right support. This can hurt your brand and result in loss of revenue.
Hackers often target businesses on a Friday – for example, the NHS was hit on Friday 12 May and spread to 99 organisations across the world, and Wonga discovered a data breach on Friday 7 April.
Are you prepared for another wave of WannaCry?
In addition, senior management represent the greatest risk to their own organisation according to the latest report by iPass. This includes the CEO (chief executive officer), COO (chief operations officer) and CFO (chief financial officer). C-level executives often emphasise the importance of cybersecurity for employees, but they have the maximum access to the company network and confidential data.
“The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office. They are not your typical nine to five office worker. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker,” said Raghu Konka, vice president of engineering at iPass.
The top high-risk venues reported by 42 percent of respondents were cafes and coffee shops, followed by airports (30 percent), hotels (16 percent), exhibition centres (seven percent) and airplanes (four percent).
The government Cyber Streetwise campaign lists these major cyber threats to small and medium businesses:
- Ransomware – malicious software, typically via a phishing email, encrypts all the data on the company’s network, and demands a ransom to decrypt the data.
- Hack attack – hacker gains access to the company network, typically through an unpatched vulnerability in the software, allowing them access to company data – targeting personal, identifiable information on a company’s customers, especially credit card information.
- Denial of Service – a company’s website is hit by a high volume of traffic to its servers, and can demand a ransom to make it stop.
- CEO Fraud – when a criminal poses as a senior person within the firm via their email and convinces employees to make payment
- Human error – of course, people can be a weak link in the chain. Information lost or distributed to the wrong person causes a huge number of data breaches.
You or your employees might be taking the bank holiday off, but hackers won’t be! With remote working on the increase, hackers have more opportunity to target your employees across locations. You don’t want a quick check of emails on the beach to turn into a cyber attack across the business.
So what can you do?
A quiet weekend and a lull in business operations can present a good opportunity to review your cybersecurity.
Travelers ‘Hacked: The Implications of a Cyber Breach’ notes that while large, national companies make headlines with cyber breaches, smaller companies are greater in number, and 62% of all data breach victims are small to mid-size businesses. Small and medium sized businesses often have less resources to deal with threats.
Here’s a checklist for the SMB owner to consider before a bank holiday weekend:
- Install software and security patch updates across all devices and servers to ensure you are protected from the latest threats and vulnerabilities. Particularly important if you plan to use your devices abroad.
- Do a company-wide password audit – do your employees have too much access to sensitive networks or data, when were the last password resets, how strong are employees’ individual passwords and what happens if one password is cracked?
- Segment the company network so no single employee has access to the entire business.
- However, hackers target CEOs for precisely this reason. Apps allow you to access financial and confidential data from anywhere and you need to do this securely. Only enter passwords and private details on secure wireless networks, not open WiFi in public places. Ensure websites have their security certificate before you make any transactions.
- Be prepared for an attack – even if you are not in the office. Encryption of your data ensures hackers can’t use your information because it will be useless, and data backups ensure you aren’t held to ransom. Use the bank holiday to review procedures for a network outage and disaster recovery plans.
The right Unified Communications system for remote workers enables us to provide technology support for clients 24/7/365. We use Avaya IP Office so our support team can be reached anytime, anywhere, and have all our resources on hand.